We produced a series of blogs reporting from the SolarWinds MSP Empower event in Amsterdam… Here David Weeks explained why MSPs should be selling a layered approach to security.
Organizations can no longer talk about what might happen if they have a data breach, because today, it’s simply a question of when, said David Weeks. According to the latest breach level index figures, over five million data records are lost or stolen every day. That breaks down to over 200,000 every hour, almost 3,500 a minute and 58 every second of the day.
These statistics aren’t restricted to large companies, said David, but cover organizations of every size. In fact, he pointed out that small- and medium-sized businesses (SMBs) tend to be more at risk because a data breach can have more of an effect on their business and few have the in-house expertise that many large organizations boast.
“What’s more, many SMBs don’t realize they could be the gateway to larger data theft or hacking attempts,” he said, “nor do they appreciate that ransomware is becoming a constant disrupter across the business spectrum.”
Outside of data breaches, losses are still a major problem. David cited the Google Consumer Survey of 1,000 small businesses1, which found that over 60% had experienced employee downtime due to a data loss. For 27%, this was between eight and 40 hours, and for 7% it was over 40 hours. Despite this, the same study also found that only 26% of those surveyed performed data backups, meaning almost three-quarters never do this.
Costing a data breach
Pulling apart an incident that breached or infected seven users, David highlighted calculated the estimated cost without managed security in place would be €5,600 dollars. This included €3,150 lost in tech time invoicing, and €2,450 in lost productivity. However, he pointed out that with managed services in place, the cost would only have been €385—a saving of €5,215! This was achieved by reducing the time spent for recovery for each of the users affected from three hours to 15 minutes, and cutting lost productivity time from 10 hours to 30 minutes. Additional costs were also cited, including an estimate of around €3,000 for a paid ransom, and an incredible €50,000 potential fine if customer data was compromised in the breach.
David, explained that these were sample figures based on results from a calculator the company built to highlight the real costs of breaches to MSPs. “Figures like these underline why many SMBs that experience a data breach never recover,” he said.
When assessing its security needs, David said every business should ask itself the following questions:
- Are you prepared for a breach?
- What is your biggest security concern?
- Do you have regular employee security training?
- Do you have a clear overview of all security practices in place?
- What is your established process to address breaches or security incidents in real-time?
Take a layered approach
To maximize protection and minimize risk, ideally, SMBS should have a layered security solution in place. “This provides security first at the perimeter level through mail protection, web filtering and firewall management and monitoring,” David explained. “It then also delivers user-level security through AV protection, patch management, critical file backup, regular vulnerability scanning, password management, and disc encryption.”
One of the biggest risks of data loss actually comes from inside a business through the inadvertent actions of employees, David added, pointing out that 37%2 of breaches are due to staff. As such, he said it’s also important to create a ‘human firewall’.
This involves:
- Regular ongoing education
- Mitigation of users’ abilities to introduce threats
- Regular testing of users to catch potential offenders
- Regular information on potential threats to customers
By working with a security solutions provider to implement layers of solutions and establishing a human firewall, David said that SMBs can not only significantly reduce the risk of a data breach or loss, but also minimize the effects if one does occur.
David Weeks is Senior Global Channel Sales Manager at SolarWinds MSP.
Sources
1. Retrospect, Inc., Google Consumer Survey of 1,000 small businesses, results available at https://www.retrospect.com/en/press/2016/05/03/retrospect_small_business_survey
2. Global State of Information Security—https://www.pwc.com/us/en/services/consulting/cybersecurity/library/information-security-survey.html
This blog was written by three-sixty for SolarWinds MSP and published on their blog